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DETAILED ACTION 



Response to Amendments 

Claims 1-49, 51 and 59 have been cancelled. 
Claims 50, 52-58 and 60-71 have been amended. 
Claims 72-91 have been newly added. 



Claims 50. 52-58 and 60-91 are pending examination . 



Response to Arguments 

I. Applicant's arguments fded 3/3/2009 with respect to claims 50, 58, 66, 70 and 71 
have been considered but are moot in view of the new ground(s) of rejection. 



Allowable Subject Matter - Withdrawn 

II. The indicated allowability of claims 66-71 is withdrawn in view of the newly 
discovered reference to Cox et al (US 6,738,814). Therefore these claims and their 
dependents are now rejected. Rejections based on the newly cited reference follows. 



Claim Rejections - 35 USC § 102 

III. The following is a quotation of the appropriate paragraphs of 35 U.S. C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless — 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent granted 
on an application for patent by another filed in the United States before the invention by the applicant 
for patent, except that an international application filed under the treaty defined in section 351(a) shall 
have the effects for purposes of this subsection of an application filed in the United States only if the 
international application designated the United States and was published under Article 21(2) of such 
treaty in the English language. 
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IV. Claims 50-54, 58, 61, 62, 64-67, 69-82, 84-87 and 89-91 are rejected under 35 
U.S.C. 102(e) as being anticipated by Cox et al (US 6,738,814). 

a. Per claim 50, Cox et al teach a method for monitoring connection 
transactions with access providers, the method comprising: 

• receiving, at an intermediary device a first connection transaction request 
from a requestor device that requests access to an access providing host 
{col. 3 lines 4-29 and 55-58 — routing device receives private network 
access request from a requestor); 

• comparing, at the intermediary device, an identity of the requestor device 
to information identifying requestor devices from which the intermediary 
device has previously received a connection transaction request that 
resulted in a partially-completed connection transaction that reached a 
time out condition prior to receipt of an acknowledgement corresponding 
to the connection transaction request {col. 3 line 55-col.4 line 15 — 
comparing the requester's IP address to other private network IP 
addresses and spoofed IP addresses that timed out before receiving an 
acknowledgement, the requester's connection transaction is partially- 
completed since no acknowledgement is made); and 

• blocking, at the intermediary device, the first connection transaction 
request to prevent the first connection transaction request from reaching 
the access providing host when the comparison reveals that the 
intermediary device previously received, from the requestor device, a 
connection transaction, request that resulted in a partially-completed 
connection transaction that reached a time out condition prior to receipt of 
an acknowledgement {col.4 lines 16-27 — blocking at the routing device 
the access request when the IP address matches with a previously received 
IP address that timed out prior to an acknowledgement, the requester's 
connection transaction is partially-completed since no acknowledgement 
is made). 

b. Claim 58 differs merely by statutory class from claim 50 (device vs. 
method), yet contains limitations that are equivalent to claim 50 and are therefore rejected 
under the same basis. 

c. Per claim 66, Cox et al teach a method of monitoring access requests to 



access providers comprising: 
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• observing, using an intermediary device other than an access providing 
host that assigns resources responsive to inbound access requests, 
information identifying a requestor based on receipt of the requestor's 
submission of an access request to a first access providing host (col. 3 lines 
4-29 and 55-58 — routing device receives and observes private network 
access request and identification indicia from a requestor); 

• accessing, using the intermediary device, stored information identifying 
previous requestors, of the first access providing host as well as of other 
access providing hosts, that are determined to have submitted a previous 
access request that has timed out prior to submission of an 
acknowledgement corresponding to the previous access request (col. 3 line 
55-col.4 line 4, col.4 lines 62-67 — comparing the IP address of the 
requestor device to other IP addresses that have time out prior to 
submitting an acknowledgement); 

• comparing, using the intermediary device, the observed information 
identifying the requestor to the stored information identifying previous 
requestors (col. 3 line 55-col.4 line 4, col.4 lines 62-67 — comparing the IP 
address and packet header of request from the requestor to other stored IP 
addresses and routing data); and 

• when the comparison reveals that the requestor has submitted a previous 
access request that has timed out prior to submission of an 
acknowledgement corresponding to the previous access request, denying, 
using the intermediary device, the access request submitted by the 
requestor while denying passage of the access request to the first access 
providing host (col.4 lines 16-27 — blocking at the routing device the 
access request when the IP address matches with a previously received IP 
address that timed out prior to an acknowledgement). 

d. Claims 70 and 71 differ merely by statutory class from claim 66 (device 
vs. method vs. storage medium), yet both contain limitations that are equivalent to claim 
66 and are therefore rejected under the same basis. 

e. Per claim 72, Cox et al teach the method of claim 50 further comprising, 
when the comparison reveals that the intermediary device has not previously received, 
from the requestor device, a connection transaction request that resulted in a partially- 



completed connection transaction that reached a time out condition prior to receipt of an 
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acknowledgement, determining, at the intermediary device, whether the first connection 
transaction results in a partially-completed connection transaction in which a time out 
condition is reached prior to receipt of an acknowledgement corresponding to the first 
connection transaction request (col.4 lines 16-27 — determination for whether requester 
access request reached timeout before receipt of an acknowledgement). 

f. Claim 76 claims limitations that are equivalent in scope to the limitations 
of claim 72, and is therefore rejected under the same basis. 

g. Per claim 73, Cox et al teach the method of claim 72 further comprising, 
in response to a determination that the first connection transaction request has reached a 
time out condition prior to receipt of an acknowledgement corresponding to the first 
connection transaction request, terminating the first connection transaction request (col.4 
lines 16-27— if a timeout has occurred, denying the request). 

h. Claim 77 claims limitations that are equivalent in scope to the limitations 
of claim 73, and is therefore rejected under the same basis. 

i. Per claim 74, Cox et al teach the method of claim 72 further comprising, 
in response to a determination that the first connection transaction request has reached a 
time out condition prior to receipt of an acknowledgement corresponding to the first 
connection transaction request, adding the identity of the requestor device to the 
information identifying one or more requestor devices to enable blocking of future 
connection transaction requests received from the requestor device (col.4 lines 4-15 — 
adding the requestor 's IP address to a list to enable future blocking of requests). 

j. Claim 78 claims limitations that are equivalent in scope to the limitations 
of claim 74, and is therefore rejected under the same basis. 
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k. Per claim 75, Cox et al teach the method of claim 50 further comprising 
determining, at the intermediary device, the identity of the requestor device, wherein 
comparing, at the intermediary device, the identity of the requestor device to the 
information identifying the requestor devices comprises comparing, at the intermediary 
device, the determined identity of the requestor device to the information identifying one 
or more requestor devices (col. 3 line 55-col.4 line 4, col.4 liens 62-67— comparing the IP 
address of the requestor device to other IP addresses). 

1. Claim 79 claims limitations that are equivalent in scope to the limitations 
of claim 75, and is therefore rejected under the same basis. 

m. Per claim 53, Cox et al teach the method of claim 72 wherein 
determining, at the intermediary device, whether the first connection transaction request 
results in a partially-completed connection transaction in which a time out condition is 
reached prior to receipt of an acknowledgement corresponding to the first connection 
transaction request comprises: comparing, at the intermediary device, an amount of time 
that the intermediary device has been waiting for an acknowledgement corresponding to 
the first connection transaction request to a time out threshold (col.4 lines 19-27— timeout 
threshold is the specific period of time for receiving an acknowledgment). 

n. Claim 61 claims limitations that are equivalent in scope to the limitations 
of claim 53, and is therefore rejected under the same basis. 

o. Per claim 54, Cox et al teach the method of claim 50 wherein, at the time 
of blocking the first connection transaction request, the intermediary device has not 
previously received, from the requestor device, a connection transaction request that 
requested access to the access providing host (col. 3 line 55-col.4 line 27). 
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p. Claim 62 claims limitations that are equivalent in scope to the limitations 
of claim 54, and is therefore rejected under the same basis. 

q. Per claim 56, Cox et al teach the method of claim 50 further comprising: 
blocking, at the intermediary device, the first connection transaction request in response 
to a determination that a return address included in the first connection transaction 
request differs from an actual return address of the requestor device (col. 3 lines 4-66, 
col. 4 lines 41-49; blocking the request when determined that the return address included 
in the request is incorrect from the actual return address since the address is external but 
is using an internal address). 

r. Claims 64, 69, 84 and 89 claim limitations that are equivalent in scope to 
the limitations of claim 56, and are therefore rejected under the same basis. 

s. Per Claim 57, Cox et al teach the method of claim 50 further comprising 
wherein blocking, at the intermediary device, the first connection transaction request in 
response to a determination that a return address included in the first connection 
transaction request differs from an actual return address of the requestor device comprises 
blocking, at the intermediary device, the first connection transaction request in response 
to a determination that a return Internet protocol address included in the first connection 
transaction request differs from an actual return Internet protocol address of the requestor 
device (col.3 lines 4-66, col.4 lines 41-49; blocking the request when determined that the 
return IP address included in the request is incorrect from the actual return IP address 
since the IP address is external but is using an internal IP address). 

t. Claim 65 claim limitations that are equivalent in scope to the limitations 
of claim 57, and are therefore rejected under the same basis. 
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u. Per claim 67, Cox et al teach the method of claim 66 wherein denying, 
using the intermediary device, the access request submitted by the requestor while 
denying passage of the access request to the first access providing host comprises 
denying, using the intermediary device, the access request submitted by the requestor 
when the comparison reveals that the requestor has submitted, previous access request 
that has timed out prior to submission of an acknowledgement corresponding to the 
previous access request based on a previous access request submitted to an access 
providing host other than the first access providing host {col. 3 lines 56-66, col. 4 lines 4- 
61 — if routing device determines that the requestor has submitted previous requests to a 
destination in the private network before submitting an acknowledgement, then denying 
the request). 

v. Claims 82 and 87 claim limitations that are equivalent in scope to the 
limitations of claim 67, and are therefore rejected under the same basis. 

w. Per claim 80, Cox et al teach the method of claim 66 further comprising, 
when the comparison reveals that the requestor has not submitted a previous access 
request that has timed out prior to submission of an acknowledgement corresponding to 
the previous access request, monitoring, using the intermediary device, a partially- 
completed connection transaction resulting from the access request to determine whether 
a time out condition occurs prior to requestor submission of an acknowledgement 
corresponding to the access request (col.4 lines 16-27 — determination for whether 
requester access request reached timeout before receipt of an acknowledgement). 

x. Claims 85 and 90 claim limitations that are equivalent in scope to the 
limitations of claim 80, and are therefore rejected under the same basis. 
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y. Per claim 81, Cox et al teach the method of claim 80 further comprising, 
to the extent that a time out condition is determined to exist, adding, using the 
intermediary device, information identifying the requestor to the stored information 
identifying previous requestors for use in comparing against future requestors that submit 
an access request (col. 4 lines 4-15 — adding the requestor's IP address to a list to enable 
future blocking of requests). 

z. Claims 86 and 91 claim limitations that are equivalent in scope to the 
limitations of claim 81, and are therefore rejected under the same basis. 



Claim Rejections - 35 USC § 103 

VII. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

VIII. Claims 52, 60, 68, 83 and 88 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Cox et al (US 6,738,814) in view of MacLean (US 
7,287,071). 

a. Per claim 52, Cox et al teach the method of claim 50 as applied above, yet 
fail to explicitly teach wherein the intermediary device is a switch capable of performing 
load balancing for the access providing hosts. However, MacLean teaches a load 
balancing switch or router that performs filtering of the communicated network data 
{col. 14 line 13-col.l5 line 23). It would have been obvious to one of ordinary skill in the 
art at the time the invention was made to combine the teachings of Cox et al and 
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MacLean for the purpose of utilizing a router or switch capable of blocking and filtering 
certain network communication data as well as performing load balancing to evenly 
distribute the request packets to the network server; because it is well-known in the 
networking art that routers and switches function as gateway devices permitting and 
restricting data to protect the integrity of the data on the network, while it is also common 
for routers and switches to provide load balancing techniques which prevents the servers 
from being overloaded with communication transactions. 

b. Claims 60, 68, 83 and 88 claim limitations that are equivalent in scope to 
the limitation of claim 52, and are therefore rejected under the same basis. 

IX. Claims 55 and 63 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Cox et al (US 6,738,814) in view of Olnowich et al (US 5,444,705). 

a. Per claim 55, Cox et al teach the method of claim 50 as applied above, yet 
fail to further teach wherein blocking, at the intermediary device, the first connection 
transaction request further comprises delaying termination of a partially-completed 
connection transaction based on the first connection transaction request to allow the 
intermediary device to continue monitoring communications from the requestor device. 
However Olnowich et al teach delaying termination of a connection transaction by using 
a WAIT response which allows the connections requests to continue being monitored 
acceptance instead of rejected (col.9 lines 54-65, col. 10 lines 32-43). It would have been 
obvious to one of ordinary skill in the art at the time the invention was made to combine 
the teachings of Cox et al and Olnowich for the purpose of delaying termination of a 
connection request, because doing so provides an extended time period for collecting 
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additional information regarding the connection request by continuing to monitor the 
request for analysis. 

b. Claim 63 claims limitations that are equivalent in scope to the limitations 
of claim 55, and is therefore rejected under the same basis. 



Conclusion 

X. The prior art made of record and not relied upon is considered pertinent to 
Applicant's disclosure: Halasz et al (7464410), Cantrell et al (7454499), Chen et al 
(7398317), Goldstone (7301899), Alam et al (7069313). 

Examiner's Note: Examiner has cited particular columns and line numbers in the reference(s) 
applied to the claims above for the convenience of the applicant. Although the specified citations 
are representative of the teachings of the art and are applied to specific limitations within the 
individual claim, other passages and figures may apply as well. It is respectfully requested from 
the Applicant in preparing responses, to fully consider the references in entirety as potentially 
teaching all or part of the claimed invention, as well as the context of the cited passages as taught 
by the prior art or relied upon by the examiner. Should Applicant amend the claims of the claimed 
invention, it is respectfully requested that Applicant clearly indicate the portion(s) of Applicant's 
specification that support the amended claim language for ascertaining the metes and bounds of 
Applicant's claimed invention. 

XI. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to KRISTIE D. SHINGLES whose telephone number is 
(571)272-3888. The examiner can normally be reached on Monday 9:00am-6:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, William Vaughn can be reached on 571-272-3922. The fax phone number for 



the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO 
Customer Service Representative or access to the automated information system, call 
800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Kristie D. Shingles/ 

Examiner, Art Unit 2444 



